The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Wednesday, January 28, 2009

Time for a privacy check-up

Today's Halifax Chronicle Herald has an opinion piece by Bob Doherty, the former head of privacy and access with the Nova Scotia Department of Justice:

Time for a privacy check-up Laws need to be understandable, consistent

By BOB DOHERTY
Wed. Jan 28 - 7:25 AM

With today being International Data Privacy Day, it is useful to see just how far society in Atlantic Canada has come in dealing with the complex issue of privacy since the last, almost unnoticed, celebration of this event locally a year ago.

Positive signs are emerging in the efforts to create more privacy consciousness in the region. Dalhousie University hosted a privacy event yesterday, and there have also been other events over the past 12 months. Most recently, CBC Radio’s Maritime Noon hosted a privacy "phone in" with Kostas Halavrezos and local privacy lawyer David Fraser. All of these events and others point to an increase in privacy consciousness in the past year.

However, as one listened to the calls that were received on the CBC Radio privacy segment, it became apparent there was substantial confusion as to what privacy choices, rights, obligations and remedies exist in a variety of settings. A good part of this confusion would seem to arise from a misunderstanding as to what "privacy" is.

In a nutshell, privacy is about legal choices, rights, obligations and remedies for the collection, use and disclosure of non-public, usually recorded, information about us, as individuals, in certain public and private-sector situations. However, even further than this, there are usually only four categories of personal information about us in which privacy choices, rights and obligations may or may not exist:

While some of the information in all categories may not be considered particularly sensitive and of little privacy interest to some individuals, for others this information is very personal and its disclosure would be viewed as highly privacy-invasive. Regardless of the sensitivity, there is always the potential for public embarrassment, denial of services or financial loss if the information is disclosed, or disseminated widely or indiscriminately.

However, while all of these categories involve our privacy choices, not all of the situations in these categories are subject to privacy laws.

All of this information we willingly (or reluctantly) give to selected individuals or organizations, either as a matter of trust, social interaction, contract or as required by law. However, there seems to be confusion among the general population on choices, rights, obligations and remedies (if any) in many of these situations where our personal information is involved.

In many cases, as Esther Dyson points out in a September 2008 Scientific American article entitled Reflections on Privacy 2.0, "People often have a better bargaining position than they realize, and are gaining the tools and knowledge to exploit that position."

So, how do we lessen that confusion and achieve that level of knowledge and understanding? For those who have tried to navigate the patchwork landscape of privacy laws in Canada, the answer should be obvious. Current laws need to be made more understandable to the average person and consistent across Canada. Penalties should be clear and significant for egregious privacy breaches, and oversight mechanisms must be provided with broad educational mandates and the budgets to implement them.

At the federal level, this would include passage of the proposed "identity theft" amendments to the Criminal Code, and development of clarity amendments to federal public and private-sector privacy legislation.

In Nova Scotia, this would mean proclamation of the recently passed Privacy Review Officer Act. It would also mean a provincial health information law, along with legislation to deal with privacy in the workplace and electronic surveillance (e.g. video, digital cameras including cellphone cameras, and computers).

If these changes, along with increased privacy education about choices, rights and obligations regarding our personal information in the schools, the workplace and the community are implemented, perhaps at this time next year we will not only have an increased level of privacy consciousness – we will also have a better understanding and the capacity to engage in a more informed debate on the future directions privacy-protection policy and laws should take.

Bob Doherty is a Halifax access and privacy consultant who teaches and works with access and privacy law courses in Nova Scotia and Alberta.

I think that Bob and I may think about privacy a bit differently. I probably wouldn't have used the categories he did. To me, words like "non-public" aren't very helpful and everything may fit into the category of "secrets". It just depends on how much an individual decides to disclose and how they propose to disclose it. Public information can be subject to privacy rights, as is the case in PIPEDA where publicly available information is still subject to legal limitations. But no matter what, the public should be educated about privacy rights and should have a say in shaping privacy laws.

Please note that I am only able to provide legal advice to clients of my firm. If you have a privacy matter, please contact me about becoming a client. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser may not be protected by solicitor-client privilege.

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Due to professional ethics, the author may not be able to comment on matters in which a client has an interest. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.